kf

74 exploits. Active since Jul 2001.
EIP-2026-114777 EXPLOITDB perl WORKING POC
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (3)
EIP-2026-114776 EXPLOITDB perl WORKING POC
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (2)
EIP-2026-114775 EXPLOITDB perl WORKING POC
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (1)
CVE-2003-0579 EXPLOITDB text WORKING POC
IBM U2 UniVerse <10.0.0.9 - Privilege Escalation
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
EIP-2026-114754 EXPLOITDB text WRITEUP
IBM U2 UniVerse 10.0.0.9 - UVADMSH Buffer Overflow
EIP-2026-114753 EXPLOITDB text WRITEUP
IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC)
CVE-2001-1408 EXPLOITDB text WORKING POC
WebMail 2.0.1 - Path Traversal
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
CVE-2006-5851 EXPLOITDB perl WORKING POC
Openbase - Symlink Following
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
CVE-2006-5852 EXPLOITDB perl WORKING POC
OpenBase SQL <10.0.1 - Privilege Escalation
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
EIP-2026-104607 EXPLOITDB perl WORKING POC
Xcode OpenBase 9.1.5 (OSX) - Local Privilege Escalation
EIP-2026-104608 EXPLOITDB perl WORKING POC
Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation
CVE-2006-0395 EXPLOITDB ruby WORKING POC
Mac OS X 10.4 - Code Injection
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
CVE-2007-0463 EXPLOITDB text WORKING POC
Apple Software Update - Denial of Service
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
CVE-2007-1227 EXPLOITDB perl WORKING POC
McAfee VirusScan for Mac <7.7 - Privilege Escalation
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allows local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
CVE-2006-6131 EXPLOITDB perl WORKING POC
Kerio WebSTAR <5.4.2 - Privilege Escalation
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVE-2006-4392 EXPLOITDB perl WORKING POC
Mach kernel - Privilege Escalation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
EIP-2026-104585 EXPLOITDB bash WORKING POC
Apple Mac OSX 10.4.7 - fetchmail Privilege Escalation
EIP-2026-104584 EXPLOITDB perl WORKING POC
Apple Mac OSX 10.4.7 (x86) - 'fetchmail' Local Privilege Escalation
EIP-2026-104583 EXPLOITDB perl WORKING POC
Apple Mac OSX 10.4.7 (PPC) - 'fetchmail' Local Privilege Escalation
CVE-2005-0716 EXPLOITDB perl WORKING POC
Apple Mac OS X - Buffer Overflow
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
CVE-2007-0466 EXPLOITDB text WRITEUP
Telestream Flip4Mac <2.1.0.33 - RCE
Telestream Flip4Mac Windows Media Components for QuickTime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
CVE-2009-0695 EXPLOITDB ruby WORKING POC
Wyse Device Manager <4.7.x - RCE
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
CVE-2009-3867 EXPLOITDB ruby WORKING POC
Sun Java JRE getSoundbank file:// URI Buffer Overflow
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
CVE-2001-1127 EXPLOITDB text WRITEUP
Progress database 8.3D-9.1C - RCE
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
CVE-2007-2175 EXPLOITDB ruby WORKING POC
Apple QuickTime Java extensions - RCE
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.